Well, unless you can find any artifacts of actual use or indication of eventlog scrubbing software, there is no reason to jump to such conclusions.
There are other ways to determine what was going on than to just blindly stare at the Eventlog, things you may want to check:
- File-timestamps
- Other logfiles
- Deleted file information
- Internet activity
- Registry last access
- Other computers/devices that it may have been connected to may have info on it.
- Has the eventlog file been manipulated/replaced? Can you find different eventlog files with other info on the system drive? Such files can be copied/overwritten - easily.
↧